Univention Bugzilla – Bug 50122
firefox-esr: Multiple issues (4.3)
Last modified: 2019-09-11 15:56:08 CEST
New Debian firefox-esr 60.9.0esr-1~deb9u1 fixes:

This update addresses the following issues:
* Sandbox escape through Firefox Sync (CVE-2019-9812)
* Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740)
* Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742)
* Cross-origin access to unload event attributes (CVE-2019-11743)
* XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)
* Use-after-free while manipulating video (CVE-2019-11746)
* Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)
--- mirror/ftp/4.3/unmaintained/component/4.3-4-errata/source/firefox-esr_60.8.0esr-1~deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/firefox-esr_60.9.0esr-1~deb9u1.dsc @@ -1,3 +1,10 @@ +60.9.0esr-1~deb9u1 [Wed, 04 Sep 2019 09:23:23 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + Fixes for mfsa2019-27, also known as: + CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11752, + CVE-2019-9812, CVE-2019-11743, CVE-2019-11740. + 60.8.0esr-1~deb9u1 [Wed, 10 Jul 2019 07:13:23 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. <http://10.200.17.11/4.3-4/#9087694458253768939>
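Review bot: the added 60.9.0esr-1~deb9u1 changelog entry names its seven CVE ids in no particular order and without descriptions, which makes it easy to miss one when checking the erratum against the package. Compare the list id by id with the issue list in this bug; as shown here both contain the same seven ids (CVE-2019-9812, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752). Since the changelog only says "Fixes for mfsa2019-27", the per-issue descriptions need to be carried in the erratum text rather than taken from this entry.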
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-4] daea45ea38 Bug #50122: firefox-esr 60.9.0esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

[4.3-4] dad5bba3b8 Bug #50122: firefox-esr 60.9.0esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
<http://errata.software-univention.de/ucs/4.3/573.html>